Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS197071.roa
File:                     AS197071.roa (raw, json)
Hash identifier:          S4awI/s13gJtV7u3pUEhXtYvdtZoZO3qXWCSn8XSjdI=
Subject key identifier:   1F:35:9C:A9:F9:00:D9:3D:40:F3:34:55:CE:71:92:6D:AC:72:7E:DA
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       161598C5C6098F3CB287EC6B8485156023E79B51
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS197071.roa
Signing time:             Wed 31 Jan 2024 08:05:10 +0000
ROA not before:           Wed 31 Jan 2024 08:00:10 +0000
ROA not after:            Wed 29 Jan 2025 08:05:10 +0000
asID:                     197071
IP address blocks:        191.101.51.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 11 May 2024 04:39:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            16:15:98:c5:c6:09:8f:3c:b2:87:ec:6b:84:85:15:60:23:e7:9b:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jan 31 08:00:10 2024 GMT
            Not After : Jan 29 08:05:10 2025 GMT
        Subject: CN=1F359CA9F900D93D40F33455CE71926DAC727EDA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:fd:e2:f2:a0:21:22:51:b3:da:52:96:28:3a:
                    ff:68:7b:e1:a2:09:4d:18:a3:ba:70:1a:8d:97:dc:
                    e9:e3:aa:f7:56:b0:ca:03:38:1b:39:e3:58:81:19:
                    6c:ee:40:c9:d2:70:3a:c8:d0:4e:c6:8b:e6:8f:1c:
                    56:c0:95:c2:7b:4c:8d:e3:f6:59:03:3b:5d:16:f4:
                    00:37:22:78:52:fc:5e:9a:a1:36:e8:d0:a9:71:54:
                    c1:dd:c5:55:87:73:63:0e:65:44:34:c9:45:83:93:
                    29:7f:37:c9:1a:08:1c:17:47:41:82:66:cc:47:e4:
                    76:32:48:e5:a5:66:2a:00:6a:fe:28:52:df:45:93:
                    1a:cb:f5:02:1e:a2:c3:9c:73:35:99:91:52:d0:6e:
                    35:65:9d:d6:e1:3f:53:9f:10:4a:18:98:fb:d1:58:
                    7d:e8:75:df:de:ac:36:a1:41:08:c6:c4:82:6c:a0:
                    3f:c7:df:f2:0b:54:17:5e:57:e8:1a:5b:8e:66:8a:
                    59:c6:c0:5e:e7:95:47:9b:c0:57:24:8d:fd:ca:86:
                    dd:b7:0a:e7:3d:7f:ed:9f:af:bb:a9:ae:96:90:98:
                    db:77:4f:40:38:5c:29:20:6e:2b:e3:5c:08:fe:a7:
                    a3:c7:e8:54:f6:ce:d3:17:af:3a:ea:b7:5b:ab:8a:
                    5e:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:35:9C:A9:F9:00:D9:3D:40:F3:34:55:CE:71:92:6D:AC:72:7E:DA
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS197071.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.101.51.0/24

    Signature Algorithm: sha256WithRSAEncryption
         62:68:fd:22:9e:39:31:a0:21:1a:28:87:86:40:2a:1d:4f:db:
         d8:a3:ea:d8:b8:1f:f7:89:7a:19:3b:0c:d9:1c:f1:c9:2a:ef:
         e0:26:77:ce:b4:9b:81:e3:13:16:4c:24:63:54:02:e5:36:a3:
         cf:9f:45:59:5b:21:86:e9:ae:06:13:84:53:7c:af:bc:79:9b:
         0e:ee:2d:54:fc:4d:f5:94:3e:50:fe:e8:c4:25:89:13:87:19:
         d7:a1:22:47:19:09:7a:93:f4:ea:a4:b2:ee:95:88:83:d4:be:
         fe:73:2d:94:cd:c6:79:87:c9:df:e6:eb:9b:83:42:f2:bb:f2:
         e7:69:b3:3f:dc:e8:17:a4:ee:08:8a:72:19:a5:eb:4a:15:e3:
         12:2d:e6:ca:fa:bc:c9:7c:39:54:e7:f3:b3:28:90:99:31:f4:
         a6:4b:01:c5:b9:a9:fc:45:79:99:57:3f:72:3c:6a:f3:0e:a6:
         2b:4c:d9:52:f5:5c:e8:29:44:2c:11:a5:0a:ac:90:b6:da:1c:
         bf:56:0d:27:fa:ad:6f:e7:df:00:95:93:12:f9:bc:a3:e7:55:
         0c:06:36:fa:fc:a2:f9:77:77:e0:91:d6:3c:54:73:90:28:6a:
         39:d0:13:8e:f2:88:f9:7d:78:cb:a7:2d:7f:c0:70:35:67:b8:
         08:e6:1e:b2
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUFhWYxcYJjzyyh+xrhIUVYCPnm1EwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDAxMzEwODAwMTBaFw0yNTAxMjkwODA1MTBaMDMxMTAvBgNV
BAMTKDFGMzU5Q0E5RjkwMEQ5M0Q0MEYzMzQ1NUNFNzE5MjZEQUM3MjdFREEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC8/eLyoCEiUbPaUpYoOv9oe+Gi
CU0Yo7pwGo2X3OnjqvdWsMoDOBs541iBGWzuQMnScDrI0E7Gi+aPHFbAlcJ7TI3j
9lkDO10W9AA3InhS/F6aoTbo0KlxVMHdxVWHc2MOZUQ0yUWDkyl/N8kaCBwXR0GC
ZsxH5HYySOWlZioAav4oUt9FkxrL9QIeosOcczWZkVLQbjVlndbhP1OfEEoYmPvR
WH3odd/erDahQQjGxIJsoD/H3/ILVBdeV+gaW45milnGwF7nlUebwFckjf3Kht23
Cuc9f+2fr7uprpaQmNt3T0A4XCkgbivjXAj+p6PH6FT2ztMXrzrqt1uril79AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUHzWcqfkA2T1A8zRVznGSbaxyftowHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMTk3MDcxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAv2Uz
MA0GCSqGSIb3DQEBCwUAA4IBAQBiaP0injkxoCEaKIeGQCodT9vYo+rYuB/3iXoZ
OwzZHPHJKu/gJnfOtJuB4xMWTCRjVALlNqPPn0VZWyGG6a4GE4RTfK+8eZsO7i1U
/E31lD5Q/ujEJYkThxnXoSJHGQl6k/TqpLLulYiD1L7+cy2UzcZ5h8nf5uubg0Ly
u/LnabM/3OgXpO4IinIZpetKFeMSLebK+rzJfDlU5/OzKJCZMfSmSwHFuan8RXmZ
Vz9yPGrzDqYrTNlS9VzoKUQsEaUKrJC22hy/Vg0n+q1v598AlZMS+byj51UMBjb6
/KL5d3fgkdY8VHOQKGo50BOO8oj5fXjLpy1/wHA1Z7gI5h6y
-----END CERTIFICATE-----